karaf-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-5418) SSH public key authentication from LDAP
Date Wed, 06 Dec 2017 14:20:00 GMT

    [ https://issues.apache.org/jira/browse/KARAF-5418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16280229#comment-16280229 ]

ASF subversion and git services commented on KARAF-5418:

Commit fcff64f6e95dbe92582d0e4a8ba9db2125ad1086 in karaf's branch refs/heads/karaf-4.1.x from
[ https://gitbox.apache.org/repos/asf?p=karaf.git;h=fcff64f ]

[KARAF-5418] Add LDAPPubkeyLoginModule JAAS module

This commit contains two test public/private key pairs that are used to exercise the LDAPPubkeyLoginModule

> SSH public key authentication from LDAP
> ---------------------------------------
>                 Key: KARAF-5418
>                 URL: https://issues.apache.org/jira/browse/KARAF-5418
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-security
>            Reporter: Ciprian Ciubotariu
>            Assignee: Łukasz Dywicki
>            Priority: Minor
>              Labels: security
>             Fix For: 4.1.4, 4.2.0
> We have an environment with multiple Karaf instances deployed, all authenticating SSH
> connections using the username/password mechanism from an LDAP server. Repeatedly logging into
> these servers requires copy-pasting passwords from the keychain, which ... well, can lead
> to leaks and is also annoying after a while. At the same time hosts are is easier with SSH
> keys, which we also store in LDAP.
> I have created an LDAP public-key authentication module for Karaf following the file-based
> PubkeyLoginModule, and I want to contribute it to Karaf. GitHub PR to follow.
> To use it one has to use the same JAAS module settings as for {{LDAPLoginModule}}, but
> with class {{LDAPPubkeyLoginModule}} and an added configuration option {{user.pubkey.attribute}}.
> Any attribute can be used to store the public key(s), such as the {{publicKey}} attribute
> from {{objectClass: extensibleObject}}. You'll find complete examples in tests.

This message was sent by Atlassian JIRA
